Abstract: This disclosure relates to methods for multi-access point association in a wireless local area network. Multiple access point wireless devices may establish a multi-access point system. Other access point wireless devices may subsequently join the multi-access point system. Non-access point wireless devices may form an association with the multi-access point system, which may include links with multiple different access point wireless devices in the multi-access point system.

Abstract: This disclosure relates to methods for multi-access point association in a wireless local area network. Multiple access point wireless devices may establish a multi-access point system. Other access point wireless devices may subsequently join the multi-access point system. Non-access point wireless devices may form an association with the multi-access point system, which may include links with multiple different access point wireless devices in the multi-access point system.

Abstract: Techniques are directed toward secure scrambling. An example method includes receiving, by a first communication device a physical layer protocol data unit (PPDU) frame from a second communication device. The first communication device can determine a PPDU frame type based at least in part on a preamble of the PPDU frame. The first communication device can apply a PPDU frame type-based key and a determined service field value to implement a descrambling process for a medium access control (MAC) header of the PPDU frame. The first communication device can descramble a payload based at least in part on de-obfuscating the MAC header. The first communication device selecting a scrambler seed for scrambling an acknowledgement (ACK) message. The first communication device scrambling the ACK message based on the selected scrambler seed.

Abstract: Techniques are disclosed for obfuscation in a privacy beacon. An example method includes a first communication device creating a beacon field to be included in a beacon frame. The first communication device can generate a timing synchronization field to be included in the beacon frame. The first communication device can apply an offset to the timing synchronization field of the beacon frame. The first communication device can transmit the beacon frame to a second communication device, the beacon frame comprising the offset timing synchronization field and the beacon field.

Abstract: Techniques are disclosed for obfuscation in a privacy beacon. An example method includes the first device receiving, from a second communication device, a beacon frame comprising a medium access control (MAC) header and an encrypted beacon frame field, the MAC header comprising an obfuscated timing synchronization field (TSF). The first device can select a key for de-obfuscating the TSF based at least in part on information associated with the beacon frame. The first device can de-obfuscate the TSF based at least in part on the key. The first device can decrypt the encrypted beacon frame field of the beacon frame based at least in part on information associated with the de-obfuscated TSF.

Abstract: Techniques are directed toward secure scrambling. An example method includes a first device encrypting a payload to be included in a physical layer protocol data unit (PPDU) frame. The determining a PPDU frame type based at least in part on an association with a second device. The first device can select a key based at least in part on the association with second device. The first device can encrypt a payload to be included in a physical layer protocol data unit (PPDU) frame. The first device can determine a PPDU frame type based at least in part on an association with a second communication device. The first device can obfuscate the field of the MAC header. The first device can scramble the encrypted payload using a service field value. The first device can transmit the PPDU frame to the second device.

Abstract: Techniques are provided for medium access control header obfuscation. One example method includes a first device encrypting a data payload using a first encryption algorithm. The first device can encrypt a field of a medium access control (MAC) header using a second encryption algorithm, different from the first encryption algorithm. The first device can generate a data frame comprising the encrypted MAC header field and the encrypted payload. The first device can transmit the data frame to a second communication device.

Abstract: Embodiments are disclosed for station (STA) identifier opt-in. Some embodiments include a STA that can associate with an access point (AP) of a wireless network, where the STA is configured to opt-in to being identified by the AP. The STA can transmit a first message 2 (M2) of a 4-way handshake protocol during the association, where the first M2 includes a Device Identifier (ID) Key Data Encapsulation (KDE) that includes an Opt-in Control field, where a first value of the Opt-in Control field indicates the STA opts-in to being identified by the AP. The STA can receive a first message 3 (M3) of the 4-way handshake protocol including a Device ID KDE and an ID Blob, where the ID Blob corresponds to the STA. The STA can communicate with the AP, where the first value enables the AP to collect data about the STA during the communication.

Abstract: Methods, systems and apparatuses for performing an address change by an access point (AP) multi-link device (MLD) and non-AP MLD are described. A non-AP MLD may transmit to an AP MLD, using one or more respective transmission (TX) links in an active mode, one or more uplink frames that include one or more respective initial addresses corresponding to one or more respective reception (RX) links of the AP MLD. The non-AP MLD may then configure the one or more respective TX links to a lower power mode. The non-AP MLD may configure the one or more respective TX links with one or more respective new addresses prior to transitioning the one or more respective TX links back to the active mode. The non-AP MLD may transmit, to the AP MLD, one or more additional uplink frames that include the one or more respective new addresses.

Abstract: Embodiments are disclosed for privacy enhancement (PE) beacon frames. A PE station (STA) can receive a PE beacon frame comprising a media access control (MAC) header that includes a first random identifier (ID) and a first checksum ID, determine that configured beacon parameters are satisfied, and then receive the PE beacon frame. When the first random ID and the first checksum ID correspond to an affiliated PE access point (AP) of a PE AP multilink device (MLD), to identify the PE AP MLD the PE STA can determine a checksum value using a AP MLD ID of the PE AP MLD and the first random ID, and based on a comparison of the determined checksum value with the first checksum ID, identify the PE AP MLD. In some embodiments, a location of a change sequence number adjacent to the MAC header enables early termination of the PE beacon frame reception.

Abstract: Embodiments are disclosed for encrypting media access control (MAC) Header fields for Wireless LAN (WLAN) privacy enhancement. For example, a transceiver of a station (STA) or an access point (AP) can set a real time Media Access Control (MAC) header bit in a payload of an aggregated MAC Protocol Data Unit (A-MPDU) subframe to an actual value of a power management (PM) field of a MAC header of the A-MPDU subframe. The transceiver can encrypt the payload, set the PM field to an over the air (OTA) PM value, and transmit the A-MPDU subframe over the air. The OTA PM value can include all zeros, a predetermined value, or a randomized value The transceiver can also set static MAC header bits in the payload of the A-MPDU subframe to corresponding actual values of an aggregated MAC service data unit (A-MSDU) present field of the A-MPDU subframe.

Abstract: Systems, methods, and mechanisms for a privacy enhanced basic service set (BSS), including privacy enhancements for both access points and wireless stations as well as privacy enchantments for authentication, association, and discovery operations. Further, the systems, methods, and mechanisms disclosed may continue to support legacy wireless stations and are thus, backward compatible. A station may communicate with a legacy BSS of a wireless network to transition to a PE BSS of the wireless network. The station may receive, from the PE BSS of the wireless network, an encrypted beacon, wherein the encrypted beacon is decoded based on information received from the legacy BSS and perform, with the PE BSS of the wireless network, an encrypted handshake procedure to authenticate and associate with the PE BSS of the wireless network.

Abstract: Systems, methods, and mechanisms for a privacy enhanced basic service set (BSS), including privacy enhancements for both access points and wireless stations as well as privacy enchantments for authentication, association, and discovery operations. Further, the systems, methods, and mechanisms disclosed may continue to support legacy wireless stations and are thus, backward compatible. A non-associated PE station may receive, from a PE access point, one or more discovery beacons advertising PE BSSs hosted by the PE access point and transmit, to the PE access point, a request to setup pre-association security protection. The non-associated PE station may, upon setup of pre-association security protection, transmit, to the PE access point, a protected request frame and receive, from the PE access point, a protected response that includes PE access point parameters.

Abstract: Embodiments are disclosed for address changing schemes for a multi-link device in a wireless communications system. Some embodiments include a privacy enhanced (PE) access point (AP) multi-link device (MLD) that includes one or more affiliated APs operating on different links. The PE AP MLD can generate a first randomized OTA MLD address based at least on the MLD address of the PE AP MLD for a first affiliated PE AP (PE AP1). The PE AP MLD can transmit a first data transmission using the first OTA MLD address where the first data transmission includes an encrypted aggregated MAC service data unit (A-MSDU) subframe that includes the MLD address. The PE AP MLD can correlate the MLD address of the PE AP MPL with multiple addresses comprising: the first OTA MLD, a unique MLD address, and a Media Access Control (MAC) service access point (SAP) MLD address.

Abstract: Embodiments are disclosed for address changing schemes in a wireless communications system. Some embodiments include an access point (AP) that can establish two or more address profiles with a station (STA), establish a schedule for switching from a first address profile to a second address profile, where the first and second address profiles are of the two or more address profiles, and transmit a first data transmission using the first address profile. Some embodiments include switching from the first address profile to the second address profile based on the schedule, and transmitting a second data transmission using the second address profile. The schedule can be based on a randomized time synchronization function (TSF). The AP can establish a joint algorithm with the STA, and use the joint algorithm determine the first and the second address profiles as well as transition times for the schedule.

Abstract: Some aspects of this disclosure include apparatuses and methods for implementing address and parameter modifications for an access point (AP) and/or a station (STA). Some aspects of this disclosure relate to an electronic device. The electronic device includes a transceiver and a processor communicatively coupled to the transceiver. The processor is configured to communicate, using the transceiver, with a second electronic device that is associated with the electronic device using a first address and a first parameter of the electronic device. The processor is further configured to determine a second address and a second parameter for the electronic device, where the second address is different from the first address and the second parameter is different from the first parameter. The processor is further configured to communicate with the second electronic device using the second address and the second parameter.